CVE-2008-5416
Summary
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
Impact & exploitability
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/33034 (Advisory)
- http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html
- http://osvdb.org/50917
- http://securityreason.com/securityalert/4706
- http://securitytracker.com/id?1021363
- http://securitytracker.com/id?1021490
- http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm
- http://www.kb.cert.org/vuls/id/696644